Secure boot tooling is terrible, can we do better? Currently the most widely used tooling for secure boot is the Ubuntu sbsigntools and efitools. If you are currently using secure boot both of these packages are probably installed on your system. Both of them support the basics of generating signature lists and signing the EFI variables with certificates, but they still have differences which is a source of confusion. efitools has 3 different ways of generating signature lists: cert-to-efi-ha...
